"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

D Wermke, JH Klemmer, N Wöhler… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Open source components are ubiquitous in companies' setups, processes, and software.
Utilizing these external components as building blocks enables companies to leverage the …

Containing malicious package updates in npm with a lightweight permission system

G Ferreira, L Jia, J Sunshine… - 2021 IEEE/ACM 43rd …, 2021 - ieeexplore.ieee.org
The large amount of third-party packages available in fast-moving software ecosystems,
such as Node.js/npm, enables attackers to compromise applications by pushing malicious …

An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries

T Mens, A Decan - arXiv preprint arXiv:2409.18884, 2024 - arxiv.org
While open-source software has enabled significant levels of reuse to speed up software
development, it has also given rise to the dreadful dependency hell that all software …

On the discoverability of npm vulnerabilities in node.js projects

M Alfadel, DE Costa, E Shihab, B Adams - ACM Transactions on …, 2023 - dl.acm.org
The reliance on vulnerable dependencies is a major threat to software systems.
Dependency vulnerabilities are common and remain undisclosed for years. However, once …

Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm Ecosystem

NR Weeraddana, M Alfadel, S McIntosh - Proceedings of the ACM on …, 2024 - dl.acm.org
Modern software systems are increasingly dependent upon code from external packages
(i.e., dependencies). Building upon external packages allows software reuse to span across …

A multi-dimensional analysis of technical lag in Debian-based Docker images

A Zerouali, T Mens, A Decan… - Empirical Software …, 2021 - Springer
Container-based solutions, such as Docker, have become increasingly relevant in the
software industry to facilitate deploying and maintaining software systems. Little is known …

Dependency update strategies and package characteristics

A Javan Jafari, DE Costa, E Shihab… - ACM Transactions on …, 2023 - dl.acm.org
Managing project dependencies is a key maintenance issue in software development.
Developers need to choose an update strategy that allows them to receive important …

A closer look at the security risks in the rust ecosystem

X Zheng, Z Wan, Y Zhang, R Chang, D Lo - ACM Transactions on …, 2023 - dl.acm.org
Rust is an emerging programming language designed for the development of systems
software. To facilitate the reuse of Rust code, crates.io, as a central package registry of the …

I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages

D Venturini, FR Cogo, I Polato, MA Gerosa… - ACM Transactions on …, 2023 - dl.acm.org
Complex software systems have a network of dependencies. Developers often configure
package managers (e.g., npm) to automatically update dependencies with each publication …

Technical lag of dependencies in major package managers

J Stringer, A Tahir, K Blincoe… - 2020 27th Asia-Pacific …, 2020 - ieeexplore.ieee.org
Background: Third party libraries used by a project (dependencies) can easily become
outdated over time, a phenomenon called technical lag. Keeping dependencies up to date …